Being a system_api_service prevents non-privileged apps from getting a reference to WearableSensingManager via Context#getSystemService (it returns null). CTS tests are run as non-privileged apps, so we need this change to properly test the API.
The API methods are protected by a signature|privileged permission. CTS tests can gain this permission by adopting the Shell's permission identity, but they can't get around the SELinux policy.
wearable_sensing_service is mostly modelled after ambient_context_service, which is an app_api_service, so we believe this change is fine from a security perspective.
Test: A CTS test can get a WearableSensingManager via Context#getSystemService after this change.
Change-Id: I9d854353f48ff7b3fa5a07527bee0bcc83cb6236
type=1400 audit(0.0:835): avc: denied { read }
for path="/data/app/vmdl1923101285.tmp/base.apk"
dev="dm-37" ino=29684
scontext=u:r:isolated_app:s0:c512,c768
tcontext=u:object_r:apk_tmp_file:s0 tclass=file
permissive=0
Bug: 308775782
Bug: 316442990
Test: Flashed to device with and without this change, confirmed that this
change allows an isolated process to read an already opened staged apk file
(cherry picked from https://android-review.googlesource.com/q/commit:cf2694bf863fc31ac5862b92bb9258136de57932)
Merged-In: I7226bae79344c3b2a5a0f59940dde6d64a8a7ea1
Change-Id: I7226bae79344c3b2a5a0f59940dde6d64a8a7ea1
/tmp is a volatile temporary storage location for the shell user.
As with /data/local/tmp, it is owned by shell:shell and is chmod 771.
Bug: 311263616
Change-Id: Ice0229d937989b097971d9db434d5589ac2da99a
It ferries SecretManagement messages to/from Sk. Reflect this in
sepolicies.
Test: With topic, check selinux denials
Bug: 291213394
Change-Id: Ia0d25e46232d56c59fb18f8642767bfa2d5ffab1
This reverts commit 5e1d7f1c85.
Reason for revert: retry with a fix to the failed tests
Test: atest art_standalone_oatdump_tests
Change-Id: I28872c643ba4ec07ef41b1f9be86036c592a6e4e
am skip reason: Merged-In I5559dfca1a29852b65481c95f37edc9977ee9d7d with SHA-1 094e8e81a2 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2875635
Change-Id: I48daef2abbfaff2790f13f759b9d2402a2e6ba68
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
It ferries SecretManagement messages to/from Sk. Reflect this in
sepolicies.
Test: With topic, check selinux denials
Bug: 291213394
Change-Id: I0acc06424eb834d66a85f9d4f6b8b632d95c4190
The changes include
- allow binder calls to ActivityManager and NativePackageManager
- allow binder calls from system server
- allow writes of statsd atoms
- allow init to start uprobestats
- permission for uprobestats config files and property
- allow execution of oatdump so it can look up code offsets
- allow scanning /proc.
Test: m selinux_policy
Change-Id: Id1864b7dac3a2c5dcd8736c4932778e36b658ce3
"adb remount" runs the remount command, which needs to be able to update
bits in the super partition metadata. This change only affects
userdebug_or_eng policy.
Bug: 297923468
Test: adb-remount-test.sh
Change-Id: Ia78d4b0ea942a139c8a4070dc63a0eed218e3e18
It is effectively an oversight that bluetooth has this
but network stack does not.
This prevents the network stack process from (for example)
using timerfd_create with CLOCK_{REAL,BOOT}TIME_ALARM,
without trampolining through parts of the mainline module
which are shipped as part of the system server.
See:
https://man7.org/linux/man-pages/man2/timerfd_create.2.html
Bug: 316171727
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iba95c80f830784a587fa4df6867a99bcb96ace79
am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 ffeb680417 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2869455
Change-Id: Ic3f9aa6bb7aa559e391448fa5198b8f73df9af28
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 ffeb680417 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2869455
Change-Id: Ia9cdc30aacb17db751fd42a957c8787270d1ae2f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
The current sepolicy only allows V1 of AIDL CameraProvider
services. This CL updates the regex to allow for future
versions as well.
Bug: 314912354
Test: Verified by vendor
Change-Id: I80351a8bb7c2538c4ad1e0d418ea7a718d60be05
am skip reason: Merged-In Icc234bf604e3cafe6da81d21db744abfaa524dcf with SHA-1 b6211b88cf is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858826
Change-Id: I558dab015373373ce5abbb6f6297fdffba0e3736
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In Icc234bf604e3cafe6da81d21db744abfaa524dcf with SHA-1 b6211b88cf is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858826
Change-Id: I2d1181c0f222583cf1b347386259d1290e87aa20
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.
Bug: 301372559
Bug: 301250938
Bug: 308043377
Fixes: 308043377
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I95aa6772a40599636d109d6960c2898e44648c9b
(cherry picked from commit 1b32bccc1a)